Ubisoft issues company-wide password reset after being hacked

15 Mar 2022

Image: © Tada Images/Stock.adobe.com

It has been reported that the ransomware group Lapsus$ – which claims to have hacked Nvidia last month – may be responsible.

Gaming giant Ubisoft has confirmed that it initiated a company-wide password reset after experiencing a “cybersecurity incident”.

The French company said it had experienced the issue earlier this month, which caused disruptions to its games, systems and services. Ubisoft took the “precautionary measure” to reset its passwords across the company as a result. The gaming giant employs around 19,000 people.

“Also, we can confirm that all our games and services are functioning normally and that at this time there is no evidence any player personal information was accessed or exposed as a by-product of this incident,” the company said in a statement on 10 March.

Ubisoft said its IT teams are working with external experts to investigate the issue.

According to The Verge, a Telegram channel allegedly run by ransomware group Lapsus$ sent a smirking face emoji to a news link related to the Ubisoft hack, which could be the group taking responsibility for the cyberattack.

This same hacking group took responsibility for the Nvidia cyberattack that occurred last month. The group claims to have files on Nvidia GPU drivers, which could allow hackers to turn every Nvidia GPU into a bitcoin mining machine. A week later, the group also claimed it leaked almost 190GB of data from Samsung.

Speaking on the Ubisoft incident, Beyond Identity’s CMO Patrick McBride said company-wide and individual password resets need to be “extinct like the dinosaurs they are”.

“Unfortunately, Ubisoft is in very good company,” McBride said. “More than 80pc of data breaches are the direct result of passwords. Adversaries use compromised passwords in the first phase of their attack and live off the land by harvesting additional passwords as they move laterally to new juicy targets within the network.”

McBride said this problem is “100pc fixable” as technology exists to replace passwords with stronger, “unphishable” alternatives.

Last year, CTO of cybersecurity company Keeper Security, Craig Lurey, said password use has been exponentially increasing with the world’s “rapid transformation” toward software use and cloud-based approaches.

“No matter how much we innovate, passwords are here to stay,” Lurey said.

Growing cybersecurity risks

The last two years have shown how much the threat landscape has grown and evolved. Some of the major cyberattacks that have shaken the world recently include the HSE ransomware attack in Ireland, the attack on the world’s largest meat producer, the cyberattack on a major US gas pipeline and, most recently, the wave of cyberattacks hitting Ukraine.

SonicWall’s latest cyberthreat report highlights the variety of threats that increased to unprecedented levels in 2021, with ransomware attacks up 105pc and encrypted threats increasing 167pc.

Last week, it was reported that there was a 25pc spike in cyberattacks across the world in the two weeks following Russia’s invasion of Ukraine.

A research team at Lero – the Science Foundation Ireland research centre for software – said mandatory cybercrime reporting “in all jurisdictions” would improve the amount of data available to researchers, which would help combat the growing $1trn global cybercrime industry.

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Leigh Mc Gowran is a journalist with Silicon Republic